Backdoor found in Ruby library for checking for strong passwords



A diligent developer’s security practices have uncovered a dangerous backdoor in a popular Ruby library for checking the password strength of user-chosen passwords.

The malicious code would check if the library was being used in a test or production environment. When in production, it would download and run a second payload downloaded from, a text hosting portal.

This second payload would create the actual backdoor in the apps and websites that used the library — named strong_password.

Read more…